Android App Classification and Permission Usage Risk Assessment

  • Yidong ShenEmail author
  • Ming Xu
  • Ning Zheng
  • Jian Xu
  • Wenjing Xia
  • Yiming Wu
  • Tong Qiao
  • Tao Yang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 252)


With Android6.0, users can decide whether to grant an app runtime permission. However, users may not understand the potential negative consequences of granting app permissions. In this paper, we investigate the feasibility of using an app’s requested permissions and the intent-filters, app’s category and permissions requested by other apps in the same category to better inform users about whether to install a given app and the risk scores associated with granting each of the app’s required permissions. In an evaluation with 10,979 benign and 3,205 malicious apps, we demonstrate the effectiveness of the proposal approach.


Android Runtime permission Risk score Category 



This work is supported by the National Key R&D Plan of China under grant no. 2016YFB0800201, the Natural Science Foundation of China under grant no. 61070212 and 61572165, the State Key Program of Zhejiang Province Natural Science Foundation of China under grant no. LZ15F020003, the Key research and development plan project of Zhejiang Province under grant no. 2017C01065, the Key Lab of Information Network Security, Ministry of Public Security, under grant no. C16603.


  1. 1.
  2. 2.
  3. 3.
  4. 4.
    Allix, K., Bissyandé, T.F., Klein, J., Le Traon, Y.: AndroZoo: collecting millions of android apps for the research community. In: 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), pp. 468–471. IEEE (2016)Google Scholar
  5. 5.
    Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: DREBIN: effective and explainable detection of android malware in your pocket. In: NDSS (2014)Google Scholar
  6. 6.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 3. ACM (2012)Google Scholar
  7. 7.
    Google: Android system permission 2015 (2015).
  8. 8.
    Ho, T.K.: Random decision forests. In: Proceedings of the Third International Conference on Document Analysis and Recognition, vol. 1, pp. 278–282. IEEE (1995)Google Scholar
  9. 9.
    Jha, A.K., Lee, W.J.: Analysis of permission-based security in android through policy expert, developer, and end user perspectives. J. UCS 22(4), 459–474 (2016)Google Scholar
  10. 10.
    McAfee: Mcafee labs threats report April 2017 (2017).
  11. 11.
    Oglaza, A., Laborde, R., Benzekri, A., Barrère, F.: A recommender-based system for assisting non-technical users in managing android permissions. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 1–9. IEEE (2016)Google Scholar
  12. 12.
    Rashidi, B., Fung, C., Bertino, E.: Android resource usage risk assessment using hidden Markov model and online learning. Comput. Secur. 65, 90–107 (2017)CrossRefGoogle Scholar
  13. 13.
    Rashidi, B., Fung, C., Vu, T.: Dude, ask the experts!: Android resource access permission recommendation with recdroid. In: IFIP/IEEE International Symposium on Integrated Network Management, pp. 296–304. IEEE (2015)Google Scholar
  14. 14.
    Rashidi, B., Fung, C., Nguyen, A., Vu, T.: Android permission recommendation using transitive Bayesian inference model. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part I. LNCS, vol. 9878, pp. 477–497. Springer, Cham (2016). Scholar
  15. 15.
    Sarma, B.P., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pp. 13–22. ACM (2012)Google Scholar
  16. 16.
    Sokolova, K., Perez, C., Lemercier, M.: Android application classification and anomaly detection with graph-based permission patterns. Decis. Support. Syst. 93, 62–76 (2017)CrossRefGoogle Scholar
  17. 17.
    Taylor, V.F., Martinovic, I.: Starving permission-hungry android apps using SecuRank. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1850–1852. ACM (2016)Google Scholar
  18. 18.
    Zhou, Y., Jiang, X.: Dissecting android malware: characterization and evolution. In: IEEE Symposium on Security and Privacy, pp. 95–109 (2012)Google Scholar
  19. 19.
    Zhu, H., Xiong, H., Ge, Y., Chen, E.: Mobile app recommendations with security and privacy awareness. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 951–960. ACM (2014)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Yidong Shen
    • 1
    Email author
  • Ming Xu
    • 1
  • Ning Zheng
    • 1
  • Jian Xu
    • 1
  • Wenjing Xia
    • 1
  • Yiming Wu
    • 2
  • Tong Qiao
    • 2
  • Tao Yang
    • 3
  1. 1.Internet and Network Security Laboratory of Hangzhou Dianzi UniversityHangzhouChina
  2. 2.School of CyberspaceHangzhou Dianzi UniversityHangzhouChina
  3. 3.Key Lab of the Third Research Institute of the Ministry of Public SecurityShanghaiChina

Personalised recommendations